Students

Securing Your Devices

Best practices for keeping your devices such as laptops, tablets and phones secure.

What you need to know

Always Apply a Password or a PIN

Keeping your devices locked is an essential good practice! You never know when you can be separated from them, so it’s best to always keep them locked with secure, hard to guess codes.

Update Your Software

Updating software on your devices does not only make them run better, but it also makes them more secure. Most software updates include essential security patches the vendor of the product has identified as necessary to keep your information secure.

Never Leave Your Devices Unattended

When studying at the library, coffee shop or other public spaces, never leave your devices unattended, even for a moment. This is the most common way devices are stolen.

Consider Auto-wipe Options

Consider using auto-wipe feature to your mobile devices, so if they are lost and someone attempts to guess your PIN too many times, the device will auto-wipe your personal data from it.

Safe Account & Password Management

Proper account and password management is the key to your online security.

What you need to know

Keep Passwords Strong

The best way to protect your accounts is to always use strong, complex passwords. This means using long passwords or passphrases (up to 32 characters) or shorter, highly complex passwords.

Use More Than One

Avoid using the same password for all of your accounts. Try and diversify your passwords while still making them memorable. Using one password for all accounts increases your chances of being hacked across your entire online digital footprint.

Never Share Your Password

The University does not need to know your password, nor does your bank or any other institution. Your password is your personal key, never share it with anyone, no matter how convincing they sound when they ask for it.

Your Digital Footprint

Keep track of how many accounts you have online and delete old, dormant and unused accounts. Your digital footprint should be well managed and kept up to date. Schedule an annual spring cleaning day for your online house.

Self-Serve Password Reset

Did you know that U of T offers a self-serve password reset tool for your UTORid account? When you register, you can reset your own password if you have forgotten it via SMS or alternate email.

Phishing & Identity Theft

What you need to know

Same trick, different catch

Phishing attacks can take many forms, including fraudulent emails with a general message (often sent en masse), messages that appear to be from your contacts, text messages, phone calls or targeted, high profile scams.

They Always Seem Urgent!

These messages often demand an action take place immediately or within a short time frame. This is a common tactic: when a user is rushed they are more likely to divulge secure information because they haven’t had the time to question their actions.

They Are Unexpected

The message is unprompted. If you weren’t expecting a message from this company or individual, be wary.

Easily Spoofed

The message claims to be from the University but the sender email, upon further inspection, is incorrect or odd.

Bad Grammar and Spelling

Phishing messeges often contain multipel spelling and grammatical errors. Did you spot them here?

Anatomy of a Phishing Email

Your Digital Footprint

How many online accounts do you have versus maintain? Be in the know of what’s out there with your name on it.

What you need to know

Keep Track of Your Accounts

Having multiple online accounts such as emails, social media spaces, and other services is common. Remember, each one of these accounts holds some of your personal information. Keeping track of what you have online, helps you reduce the risk of being hacked.

Avoid Using the Same Password for Everything

Hackers have multiple ways of getting ahold of your password, most commonly by guessing it or by accessing it via insecure services and via password leaks. If your password is released, it can be used to attempt to access other services such as your bank account. Always keep multiple passwords for different services to reduce your chances of being hacked across the board.

Spring Clean

Allocate an annual time in your calendar for reviewing your online accounts and the privacy settings. At this time you can delete accounts you no longer use and update the ones you do with the appropriate information and settings.

How are you represented online?

Decide how you would like to present your personal and academic or professional online information. Keep them consistent, separate where necessary. It is helpful to Google yourself once in a while to see what’s out there with your name on it, including images, articles and videos.

Social Media and Your Privacy

Be dilligent with your Social Media presence. Know how to set up your privacy settings to keep yourself safe online.

What you need to know

Secure Your Namespace

Consider securing common social media spaces with your full name to preserve your ‘online brand’. You can keep the accounts private and out of public view if you are not an active user, but at least you will rest easy and know no one else can appropriate it.

Be in Charge of Your Privacy Settings

Social Media spaces tend to default to a public privacy setting. Decide on your comfort level when sharing information, and ensure to set the appropriate privacy settings to limit who can view your posts.

Don’t Overshare Every Moment

Sharing every moment of your day can compromise your physical security. Avoid posting your location or your travels as they happen as this could give away that your home is unattended or prompt someone to locate you where you are broadcasting from.

Know How to Delete Accounts

Did you know that it’s more difficult to delete some social media accounts than others? When closing an account, pay careful attention to the process for actual deletion of your data, as a lot of social media spaces only ‘disable’ your profile and don’t actually delete it.